From owner-freebsd-hackers@FreeBSD.ORG Wed Nov 10 19:53:27 2004
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB35816A4CE; Wed, 10 Nov 2004 19:53:26 +0000 (GMT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59ACA43D1F; Wed, 10 Nov 2004 19:53:26 +0000 (GMT) (envelope-from nectar@celabo.org)
Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id CF6B15486E; Wed, 10 Nov 2004 13:53:25 -0600 (CST)
Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 07457-04; Wed, 10 Nov 2004 13:53:14 -0600 (CST)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id DC87A5485D; Wed, 10 Nov 2004 13:53:14 -0600 (CST)
Received: by madman.celabo.org (Postfix, from userid 1001) id C44A66D468; Wed, 10 Nov 2004 13:52:59 -0600 (CST)
Date: Wed, 10 Nov 2004 13:52:59 -0600
From: "Jacques A. Vidrine"
To: Xin LI
Message-ID: <20041110195259.GB74491@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine", Xin LI, Julian Elischer, freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
References: <20041110173511.GA2940@frontfree.net> <4192539C.6040403@elischer.org> <20041110183046.GA3518@frontfree.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041110183046.GA3518@frontfree.net>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
cc: freebsd-hackers@freebsd.org
cc: Julian Elischer
cc: freebsd-security@freebsd.org
Subject: Re: Is there any way to know if userland is patched?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 10 Nov 2004 19:53:27 -0000

On Thu, Nov 11, 2004 at 02:30:46AM +0800, Xin LI wrote:
> I have an idea that is somewhat too complex to be included in FreeBSD - we
> maintain a ``master'' patchlevel, and two patchlevels indicating the least
> ``master'' patchlevel that touches kernel or userland. It might be something
> like this:
>
>  Master                 | Userland              | Kernel
> ========================+=======================+=======================
>  4.10-RELEASE           | 4.10-RELEASE          | 4.10-RELEASE
>  4.10-RELEASE-p1        | 4.10-RELEASE          | 4.10-RELEASE-p1
>  4.10-RELEASE-p2        | 4.10-RELEASE          | 4.10-RELEASE-p2
>  4.10-RELEASE-p3        | 4.10-RELEASE-p3       | 4.10-RELEASE-p2
>
> And propagate it somewhere. This is somewhat complex as the security officer
> must bump two versions when he is doing a security update and I'm not sure whether
> this is beneficial enough so I hesitate to propose a patch of this,

Actually, some time ago I thought of doing something quite similar.

At first, I wanted to alter uname(3) to return not the kernel version, but a userland version string. Borrowing from the way Solaris does it, I thought we'd just stick the version in /etc/release. That way "patching" /etc/release would be sufficient for userland issues.

But of course that doesn't help us with kernel issues, and the fact that kernel and userland can accidentally get out of sync.

So I thought perhaps we'd have a patch level for userland, and a patch level for the kernel. Some patches would touch only the userland patch level, and some the kernel patch level. There would also be recorded in userland what the latest kernel patch level should be. Then uname(3) would display the patch level according to whether the latest kernel is loaded. (I know, this is a hard-to-follow description.)

Something like so:

    userland_pl         Patch level of currently installed userland.
    expected_kernel_pl  Patch level of currently installed kernel.
    kernel_pl           Patch level of currently running kernel.

Then, uname(3) will choose what patch level to display like so:

    if (kernel_pl < expected_kernel_pl || kernel_pl > userland_pl)
        return kernel_pl;
    else
        return userland_pl;

(Actually, we would probably make patch level bumps such that the "kernel_pl > userland_pl" case never happens.)

In the end, what we want is for a user to type `uname -r' and to see what patch level is running. Anything more complicated (checking RCS Ids and such) just gets in the way, I think.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org
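The selection rule in the message above, worked through against the rows of Xin LI's table, as an added example that is not part of the original thread and not FreeBSD's uname(3) code. It assumes the three patch levels are available as plain integers (how FreeBSD would actually record them, whether in /etc/release or elsewhere, is left open by the message), that release strings follow the "4.10-RELEASE-pN" form shown in the table, and that a string with no "-pN" suffix is patch level 0. The function names parse_patchlevel, select_patchlevel and format_release are invented here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract N from a release string such as "4.10-RELEASE-p3".
 * A string with no "-pN" suffix (e.g. "4.10-RELEASE") is patch level 0.
 * Assumption: the release string format is the one used in the table. */
int parse_patchlevel(const char *release)
{
    const char *p = strrchr(release, '-');
    char *end;
    long n;

    if (p == NULL || p[1] != 'p')
        return 0;
    n = strtol(p + 2, &end, 10);
    if (end == p + 2 || *end != '\0' || n < 0)
        return 0;               /* "-pfoo" or "-p" alone is not a patch level */
    return (int)n;
}

/* The rule from the message: report the running kernel's patch level when it
 * is older than the kernel the installed userland expects (the admin patched
 * userland but is still running the old kernel), or, defensively, newer than
 * userland itself; otherwise userland's patch level is the system's. */
int select_patchlevel(int kernel_pl, int expected_kernel_pl, int userland_pl)
{
    if (kernel_pl < expected_kernel_pl || kernel_pl > userland_pl)
        return kernel_pl;
    return userland_pl;
}

/* Render what `uname -r` would print: the base release plus "-pN" for N > 0. */
char *format_release(const char *base, int pl, char *buf, size_t buflen)
{
    if (pl > 0)
        snprintf(buf, buflen, "%s-p%d", base, pl);
    else
        snprintf(buf, buflen, "%s", base);
    return buf;
}

int main(void)
{
    /* Constructed scenarios built from the table's last row (master p3:
     * userland p3, installed kernel expected at p2), with the running kernel
     * varied to show the out-of-sync cases. */
    const char *base = "4.10-RELEASE";
    const char *userland = "4.10-RELEASE-p3";
    const char *expected_kernel = "4.10-RELEASE-p2";
    const char *running_kernels[] = {
        "4.10-RELEASE-p2",      /* in sync: shows p3 */
        "4.10-RELEASE-p1",      /* forgot to reboot into the p2 kernel: shows p1 */
        "4.10-RELEASE",         /* unpatched kernel: shows the base release */
        "4.10-RELEASE-p4",      /* newer than userland: shows p4 */
    };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof(running_kernels) / sizeof(running_kernels[0]); i++) {
        int shown = select_patchlevel(parse_patchlevel(running_kernels[i]),
                                      parse_patchlevel(expected_kernel),
                                      parse_patchlevel(userland));
        printf("userland %s, expects kernel %s, running %-16s -> uname -r: %s\n",
               userland, expected_kernel, running_kernels[i],
               format_release(base, shown, buf, sizeof buf));
    }
    return 0;
}
```

The second scenario is the one the thread is really about: userland was rebuilt at p3, but the box still runs the p1 kernel, and the displayed "4.10-RELEASE-p1" makes that visible without inspecting RCS Ids.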